Posted by Razib Khan on December 26, 2007; This entry is filed under Uncategorized.

Received this email:

It appears your website has been compromised. When visiting https://gnxp.com (as opposed to regular http) Firefox prompted me with a message that the security certificate for snakeoil.dom has expired. After some googling I found out it is likely an authentication certificate for a virus.

This step interactively generates a certificate for your server. These are used in cryptographic negotiations with your web clients. See Resources for where to find more information on SSL. In the meantime, these are my suggested answers to the questions (you’ll have to adjust some parameters)

While the certificate process correctly notes this certificate should not be used on a production system, for home use it should be fine. Basically, there is no trust mechanism in place, so the certificate could be a forged one, allowing an attacker to listen to sensitive information. However, since it is just you and signing a certificate can be expensive, we’ll work with these certificates. If you want to host, say, a commerce site on your web server, you should definitely get it signed by a recognized authority.

B.B wrote: “So, how is it that standard default settings for authentication certificates got labeled as a trojan created by Israeli hackers?”

I don’t know where that originated, but I can tell you how it originated: Somebody made it up and posted it somewhere, for reasons best known to him (or her). The reasons aren’t hard to guess, though . . .